Fix coverity issues

Fixes coverity issues 1642964, 1642965, 1642966, 1642968, 1642969

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/26793)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 30ce835b8392064a39cb7d152f7b6a5023b3bd4d..44189604bd1fc15d8e0b0173838e2b93bd329d2c 100644 (file)
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -580,11 +580,14 @@ static int evp_cipher_init_skey_internal(EVP_CIPHER_CTX *ctx,
     /* We have a data managed via key management, using the new callbacks */
     if (enc) {
         if (ctx->cipher->einit_skey == NULL) {
-            /* Attempt fallback for providers that do not support SKEYs */
-            const unsigned char *keydata;
-            size_t keylen;
+            /*
+             *  When skey is NULL, it's a multiple-step init as the current API does.
+             *  Otherwise we try to fallback for providers that do not support SKEYs.
+             */
+            const unsigned char *keydata = NULL;
+            size_t keylen = 0;
 
-            if (!EVP_SKEY_get_raw_key(skey, &keydata, &keylen)) {
+            if (skey != NULL && !EVP_SKEY_get_raw_key(skey, &keydata, &keylen)) {
                 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
                 return 0;
             }
@@ -592,16 +595,20 @@ static int evp_cipher_init_skey_internal(EVP_CIPHER_CTX *ctx,
             ret = ctx->cipher->einit(ctx->algctx, keydata, keylen,
                                      iv, iv_len, params);
         } else {
-            ret = ctx->cipher->einit_skey(ctx->algctx, skey->keydata,
+            ret = ctx->cipher->einit_skey(ctx->algctx,
+                                          skey == NULL ? NULL : skey->keydata,
                                           iv, iv_len, params);
         }
     } else {
         if (ctx->cipher->dinit_skey == NULL) {
-            /* Attempt fallback for providers that do not support SKEYs */
-            const unsigned char *keydata;
-            size_t keylen;
+            /*
+             *  When skey is NULL, it's a multiple-step init as the current API does.
+             *  Otherwise we try to fallback for providers that do not support SKEYs.
+             */
+            const unsigned char *keydata = NULL;
+            size_t keylen = 0;
 
-            if (!EVP_SKEY_get_raw_key(skey, &keydata, &keylen)) {
+            if (skey != NULL && !EVP_SKEY_get_raw_key(skey, &keydata, &keylen)) {
                 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
                 return 0;
             }
@@ -609,7 +616,8 @@ static int evp_cipher_init_skey_internal(EVP_CIPHER_CTX *ctx,
             ret = ctx->cipher->dinit(ctx->algctx, keydata, keylen,
                                      iv, iv_len, params);
         } else {
-            ret = ctx->cipher->dinit_skey(ctx->algctx, skey->keydata,
+            ret = ctx->cipher->dinit_skey(ctx->algctx,
+                                          skey == NULL ? NULL : skey->keydata,
                                           iv, iv_len, params);
         }
     }

diff --git a/providers/implementations/skeymgmt/generic.c b/providers/implementations/skeymgmt/generic.c
index 1333835088545f15b4f204e195b4b430534778c3..b41bf8e12dcb434b9c66723f81dfd132529109d4 100644 (file)
--- a/providers/implementations/skeymgmt/generic.c
+++ b/providers/implementations/skeymgmt/generic.c
@@ -45,6 +45,9 @@ void *generic_import(void *provctx, int selection, const OSSL_PARAM params[])
         return NULL;
 
     generic = OPENSSL_zalloc(sizeof(PROV_SKEY));
+    if (generic == NULL)
+        return NULL;
+
     generic->libctx = libctx;
 
     generic->type = SKEY_TYPE_GENERIC;

diff --git a/test/fake_cipherprov.c b/test/fake_cipherprov.c
index c9c038b17b36d65a547586a3822ab434b9f5b1bb..4a321d75b3bc90ccf0912bf48352fdfae11cfbef 100644 (file)
--- a/test/fake_cipherprov.c
+++ b/test/fake_cipherprov.c
@@ -168,9 +168,9 @@ static int fake_cipher(void *vctx, unsigned char *out, size_t *outl,
     PROV_CIPHER_FAKE_CTX *ctx = (PROV_CIPHER_FAKE_CTX *)vctx;
     size_t i;
 
-    if (outsize < inl)
+    if (out == NULL || outsize < inl)
         return 0;
-    if (out != NULL && in != out)
+    if (in != out)
         memcpy(out, in, inl);
     for (i = 0; i < inl; i++)
         out[i] ^= ctx->key[i % FAKE_KEY_LEN];